List of usage examples for io.netty.handler.ssl SslProvider JDK
SslProvider JDK
From source file:cc.blynk.integration.model.websocket.AppWebSocketClient.java
License:Apache License
/**
 * Creates a secure WebSocket ({@code wss://}) client for the given endpoint.
 *
 * <p>The TLS context uses the JDK provider and is configured with
 * {@code InsecureTrustManagerFactory}, which accepts any server certificate without
 * verification. The connection is encrypted but the peer is not authenticated. The
 * package name ({@code cc.blynk.integration}) suggests this is test tooling; a context
 * built this way is not suitable for production traffic, where a real trust store is
 * required.
 *
 * @param host server host name or address
 * @param port server port
 * @param path request path, appended to the URI unchanged
 * @throws Exception if the URI is malformed or the TLS context cannot be built
 */
public AppWebSocketClient(String host, int port, String path) throws Exception {
    super(host, port, new Random(), new ServerProperties(Collections.emptyMap()));

    final URI endpoint = new URI("wss://" + host + ":" + port + path);

    // Trust-all client context: no certificate chain validation is performed.
    final SslContextBuilder tlsBuilder = SslContextBuilder.forClient()
            .sslProvider(SslProvider.JDK)
            .trustManager(InsecureTrustManagerFactory.INSTANCE);
    this.sslCtx = tlsBuilder.build();

    this.appHandler = new AppWebSocketClientHandler(
            WebSocketClientHandshakerFactory.newHandshaker(
                    endpoint, WebSocketVersion.V13, null, false, new DefaultHttpHeaders()));
}
From source file:cc.blynk.integration.model.websocket.WebSocketClient.java
License:Apache License
/**
 * Creates a WebSocket client, optionally over TLS.
 *
 * <p>When {@code isSSL} is set, the TLS context uses the JDK provider together with
 * {@code InsecureTrustManagerFactory}, which accepts any server certificate without
 * verification. That gives encryption without server authentication and is only
 * appropriate for test setups such as the integration package this class lives in.
 *
 * @param host  server host name or address
 * @param port  server port
 * @param isSSL {@code true} for {@code wss://}, {@code false} for plain {@code ws://}
 * @throws Exception if the URI is malformed or the TLS context cannot be built
 */
public WebSocketClient(String host, int port, boolean isSSL) throws Exception {
    super(host, port, new Random());

    final String scheme;
    if (isSSL) {
        scheme = "wss://";
    } else {
        scheme = "ws://";
    }
    final URI endpoint = new URI(scheme + host + ":" + port + WebSocketHandler.WEBSOCKET_PATH);

    // No TLS context at all for ws://; a trust-all context for wss://.
    sslCtx = isSSL
            ? SslContextBuilder.forClient()
                    .sslProvider(SslProvider.JDK)
                    .trustManager(InsecureTrustManagerFactory.INSTANCE)
                    .build()
            : null;

    this.handler = new WebSocketClientHandler(
            WebSocketClientHandshakerFactory.newHandshaker(
                    endpoint, WebSocketVersion.V13, null, false, new DefaultHttpHeaders()));
}
From source file:com.caricah.iotracah.server.netty.SSLHandler.java
License:Apache License
/**
 * Builds the server-side TLS context from the configured certificate chain and key.
 *
 * <p>OpenSSL is used when Netty reports it as available, otherwise the JDK provider.
 * Only the provider, chain file, key file and key password are passed in, so no
 * protocol or cipher restrictions are applied here; whatever the chosen provider
 * enables by default is what the server offers.
 *
 * @return a server {@code SslContext}
 * @throws UnRetriableException wrapping any failure while loading the material or
 *                              creating the context
 */
public SslContext getSslContext() throws UnRetriableException {
    try {
        final File chainFile = getCertificateChainFile();
        final File keyFile = getCertificateKeyFile();
        final String keyPass = getKeyPassword();

        final SslProvider chosenProvider =
                OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;

        return SslContext.newServerContext(chosenProvider, chainFile, keyFile, keyPass);
    } catch (Exception e) {
        // The exception is logged and rethrown with its cause; the key password itself
        // is never part of the log message.
        log.error(" getSSLEngine : problems when trying to initiate secure protocals", e);
        throw new UnRetriableException(e);
    }
}
From source file:com.cmz.http.file.HttpStaticFileServer.java
License:Apache License
/**
 * Starts the static file server and blocks until its channel is closed.
 *
 * <p>With {@code SSL} enabled, the server presents a certificate generated at startup by
 * {@code SelfSignedCertificate}. Clients cannot validate such a certificate against a
 * trusted CA, so this setup is for demos and local testing only.
 *
 * @param args unused
 * @throws Exception if TLS setup, binding, or waiting on the channel fails
 */
public static void main(String[] args) throws Exception {
    // Configure SSL.
    final SslContext sslCtx;
    if (SSL) {
        SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(SslProvider.JDK)
                .build();
    } else {
        sslCtx = null;
    }

    EventLoopGroup bossGroup = new NioEventLoopGroup(1);
    EventLoopGroup workerGroup = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.group(bossGroup, workerGroup)
                .channel(NioServerSocketChannel.class)
                .handler(new LoggingHandler(LogLevel.INFO))
                .childHandler(new HttpStaticFileServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.err.println("Open your web browser and navigate to " + scheme + "://127.0.0.1:" + PORT + '/');

        serverChannel.closeFuture().sync();
    } finally {
        // Release both event loop groups regardless of how the server stopped.
        bossGroup.shutdownGracefully();
        workerGroup.shutdownGracefully();
    }
}
From source file:com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.java
License:Apache License
/**
 * Reads the TLS settings, selects an SSL provider per layer (HTTP and transport),
 * initialises ciphers and key material, and refuses to start with an unusable TLS
 * configuration.
 *
 * <p>Provider selection: when a layer is enabled and the "OpenSSL if available" flag is
 * set (default {@code true}), Netty's default provider is used; when the flag is off the
 * JDK provider is forced; when the layer is disabled the provider stays {@code null}.
 *
 * <p>The constructor fails closed: if an enabled layer ends up with no cipher suites or
 * no protocols, an {@code ElasticsearchSecurityException} is thrown instead of running
 * with an empty configuration.
 *
 * @param settings node settings holding the Search Guard SSL options
 */
@Inject
public DefaultSearchGuardKeyStore(final Settings settings) {
    super();
    this.settings = settings;

    httpSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
    transportSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED_DEFAULT);

    final boolean preferOpenSslForHttp = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);
    final boolean preferOpenSslForTransport = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, true);

    // HTTP layer provider.
    if (!httpSSLEnabled) {
        sslHTTPProvider = null;
    } else if (preferOpenSslForHttp) {
        sslHTTPProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslHTTPProvider = SslProvider.JDK;
    }

    // Transport layer providers (client and server side).
    if (!transportSSLEnabled) {
        sslTransportServerProvider = null;
        sslTransportClientProvider = null;
    } else if (preferOpenSslForTransport) {
        sslTransportClientProvider = SslContext.defaultClientProvider();
        sslTransportServerProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslTransportServerProvider = SslProvider.JDK;
        sslTransportClientProvider = SslProvider.JDK;
    }

    // Runtime fingerprint, useful when diagnosing TLS support differences between JVMs.
    log.info("java.version: {}", System.getProperty("java.version"));
    log.info("java.vendor: {}", System.getProperty("java.vendor"));
    log.info("java.vm.specification.version: {}", System.getProperty("java.vm.specification.version"));
    log.info("java.vm.specification.vendor: {}", System.getProperty("java.vm.specification.vendor"));
    log.info("java.vm.specification.name: {}", System.getProperty("java.vm.specification.name"));
    log.info("java.vm.name: {}", System.getProperty("java.vm.name"));
    log.info("java.vm.vendor: {}", System.getProperty("java.vm.vendor"));
    log.info("java.specification.version: {}", System.getProperty("java.specification.version"));
    log.info("java.specification.vendor: {}", System.getProperty("java.specification.vendor"));
    log.info("java.specification.name: {}", System.getProperty("java.specification.name"));
    log.info("os.name: {}", System.getProperty("os.name"));
    log.info("os.arch: {}", System.getProperty("os.arch"));
    log.info("os.version: {}", System.getProperty("os.version"));

    initEnabledSSLCiphers();
    initSSLConfig();
    printJCEWarnings();

    // Record the effective provider, cipher and protocol choices for each layer.
    log.info("sslTransportClientProvider:{} with ciphers {}", sslTransportClientProvider,
            getEnabledSSLCiphers(sslTransportClientProvider, false));
    log.info("sslTransportServerProvider:{} with ciphers {}", sslTransportServerProvider,
            getEnabledSSLCiphers(sslTransportServerProvider, false));
    log.info("sslHTTPProvider:{} with ciphers {}", sslHTTPProvider,
            getEnabledSSLCiphers(sslHTTPProvider, true));
    log.info("sslTransport protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, false)));
    log.info("sslHTTP protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, true)));

    // Fail closed: an enabled layer must have at least one cipher suite and one protocol.
    if (transportSSLEnabled) {
        if (getEnabledSSLCiphers(sslTransportClientProvider, false).isEmpty()
                || getEnabledSSLCiphers(sslTransportServerProvider, false).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (getEnabledSSLCiphers(sslHTTPProvider, true).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for http");
        }
    }

    if (transportSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, false).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, true).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for http");
        }
    }
}
From source file:com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.java
License:Apache License
/**
 * Returns the enabled cipher suites for the given provider and layer.
 *
 * <p>Any provider other than {@code SslProvider.JDK} is answered with the OpenSSL list.
 *
 * @param provider the SSL provider in use, or {@code null} when the layer is disabled
 * @param http     {@code true} for the HTTP layer, {@code false} for the transport layer
 * @return the matching cipher list, or an empty list when {@code provider} is {@code null}
 */
private List<String> getEnabledSSLCiphers(final SslProvider provider, boolean http) {
    if (provider == null) {
        return Collections.emptyList();
    }

    final boolean jdkProvider = provider == SslProvider.JDK;
    if (jdkProvider) {
        return http ? enabledHttpCiphersJDKProvider : enabledTransportCiphersJDKProvider;
    }
    return http ? enabledHttpCiphersOpenSSLProvider : enabledTransportCiphersOpenSSLProvider;
}
From source file:com.floragunn.searchguard.ssl.SearchGuardKeyStore.java
License:Apache License
/**
 * Reads the TLS settings, selects an SSL provider per layer (HTTP and transport),
 * initialises ciphers and key material, and refuses to start with an unusable TLS
 * configuration.
 *
 * <p>Provider selection: when a layer is enabled and the "OpenSSL if available" flag is
 * set (default {@code true}), Netty's default provider is used; when the flag is off the
 * JDK provider is forced; when the layer is disabled the provider stays {@code null}.
 *
 * <p>The constructor fails closed: if an enabled layer ends up with no cipher suites or
 * no protocols, an {@code ElasticsearchSecurityException} is thrown instead of running
 * with an empty configuration.
 *
 * @param settings node settings holding the Search Guard SSL options
 */
@Inject
public SearchGuardKeyStore(final Settings settings) {
    super();
    this.settings = settings;

    httpSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
    transportSSLEnabled = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED,
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED_DEFAULT);

    final boolean preferOpenSslForHttp = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);
    final boolean preferOpenSslForTransport = settings.getAsBoolean(
            SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, true);

    // HTTP layer provider.
    if (!httpSSLEnabled) {
        sslHTTPProvider = null;
    } else if (preferOpenSslForHttp) {
        sslHTTPProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslHTTPProvider = SslProvider.JDK;
    }

    // Transport layer providers (client and server side).
    if (!transportSSLEnabled) {
        sslTransportServerProvider = null;
        sslTransportClientProvider = null;
    } else if (preferOpenSslForTransport) {
        sslTransportClientProvider = SslContext.defaultClientProvider();
        sslTransportServerProvider = SslContext.defaultServerProvider();
        logOpenSSLInfos();
    } else {
        sslTransportServerProvider = SslProvider.JDK;
        sslTransportClientProvider = SslProvider.JDK;
    }

    initEnabledSSLCiphers();
    initSSLConfig();
    printJCEWarnings();

    // Record the effective provider, cipher and protocol choices for each layer.
    log.info("sslTransportClientProvider:{} with ciphers {}", sslTransportClientProvider,
            getEnabledSSLCiphers(sslTransportClientProvider, false));
    log.info("sslTransportServerProvider:{} with ciphers {}", sslTransportServerProvider,
            getEnabledSSLCiphers(sslTransportServerProvider, false));
    log.info("sslHTTPProvider:{} with ciphers {}", sslHTTPProvider,
            getEnabledSSLCiphers(sslHTTPProvider, true));
    log.info("sslTransport protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, false)));
    log.info("sslHTTP protocols {}",
            Arrays.asList(SSLConfigConstants.getSecureSSLProtocols(settings, true)));

    // Fail closed: an enabled layer must have at least one cipher suite and one protocol.
    if (transportSSLEnabled) {
        if (getEnabledSSLCiphers(sslTransportClientProvider, false).isEmpty()
                || getEnabledSSLCiphers(sslTransportServerProvider, false).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (getEnabledSSLCiphers(sslHTTPProvider, true).isEmpty()) {
            throw new ElasticsearchSecurityException("no valid cipher suites for http");
        }
    }

    if (transportSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, false).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for transport protocol");
        }
    }

    if (httpSSLEnabled) {
        if (SSLConfigConstants.getSecureSSLProtocols(settings, true).length == 0) {
            throw new ElasticsearchSecurityException("no ssl protocols for http");
        }
    }
}
From source file:com.flysoloing.learning.network.netty.http2.helloworld.client.Http2Client.java
License:Apache License
/**
 * Runs the HTTP/2 example client: connects, waits for the settings exchange, sends up to
 * two requests and waits for their responses.
 *
 * <p>With {@code SSL} enabled, the client context is built with
 * {@code InsecureTrustManagerFactory}, which accepts any server certificate without
 * verification. That suits a hello-world example talking to a self-signed server; a real
 * client needs a proper trust store so the server is authenticated.
 *
 * @param args unused
 * @throws Exception if TLS setup or any of the waits fails
 */
public static void main(String[] args) throws Exception {
    // Configure SSL.
    final SslContext sslCtx;
    if (SSL) {
        // OpenSSL is chosen only when it supports ALPN, which HTTP/2 over TLS requires.
        SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;

        ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(
                Protocol.ALPN,
                // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                SelectorFailureBehavior.NO_ADVERTISE,
                // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1);

        sslCtx = SslContextBuilder.forClient()
                .sslProvider(provider)
                /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
                 * Please refer to the HTTP/2 specification for cipher requirements. */
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                // Trust-all: server certificates are not validated.
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .applicationProtocolConfig(alpn)
                .build();
    } else {
        sslCtx = null;
    }

    EventLoopGroup workerGroup = new NioEventLoopGroup();
    Http2ClientInitializer initializer = new Http2ClientInitializer(sslCtx, Integer.MAX_VALUE);

    try {
        // Configure the client.
        Bootstrap bootstrap = new Bootstrap();
        bootstrap.group(workerGroup)
                .channel(NioSocketChannel.class)
                .option(ChannelOption.SO_KEEPALIVE, true)
                .remoteAddress(HOST, PORT)
                .handler(initializer);

        // Start the client.
        Channel channel = bootstrap.connect().syncUninterruptibly().channel();
        System.out.println("Connected to [" + HOST + ':' + PORT + ']');

        // Wait for the HTTP/2 upgrade to occur.
        Http2SettingsHandler http2SettingsHandler = initializer.settingsHandler();
        http2SettingsHandler.awaitSettings(5, TimeUnit.SECONDS);

        HttpResponseHandler responseHandler = initializer.responseHandler();
        HttpScheme scheme = SSL ? HttpScheme.HTTPS : HttpScheme.HTTP;
        AsciiString hostName = new AsciiString(HOST + ':' + PORT);
        int streamId = 3;

        System.err.println("Sending request(s)...");

        if (URL != null) {
            // Create a simple GET request.
            FullHttpRequest getRequest = new DefaultFullHttpRequest(HTTP_1_1, GET, URL);
            getRequest.headers()
                    .add(HttpHeaderNames.HOST, hostName)
                    .add(HttpConversionUtil.ExtensionHeaderNames.SCHEME.text(), scheme.name())
                    .add(HttpHeaderNames.ACCEPT_ENCODING, HttpHeaderValues.GZIP)
                    .add(HttpHeaderNames.ACCEPT_ENCODING, HttpHeaderValues.DEFLATE);
            responseHandler.put(streamId, channel.write(getRequest), channel.newPromise());
            streamId += 2;
        }

        if (URL2 != null) {
            // Create a simple POST request with a body.
            FullHttpRequest postRequest = new DefaultFullHttpRequest(HTTP_1_1, POST, URL2,
                    wrappedBuffer(URL2DATA.getBytes(CharsetUtil.UTF_8)));
            postRequest.headers()
                    .add(HttpHeaderNames.HOST, hostName)
                    .add(HttpConversionUtil.ExtensionHeaderNames.SCHEME.text(), scheme.name())
                    .add(HttpHeaderNames.ACCEPT_ENCODING, HttpHeaderValues.GZIP)
                    .add(HttpHeaderNames.ACCEPT_ENCODING, HttpHeaderValues.DEFLATE);
            responseHandler.put(streamId, channel.write(postRequest), channel.newPromise());
        }

        // Both requests were only queued with write(); push them out together.
        channel.flush();
        responseHandler.awaitResponses(5, TimeUnit.SECONDS);
        System.out.println("Finished HTTP/2 request(s)");

        // Wait until the connection is closed.
        channel.close().syncUninterruptibly();
    } finally {
        workerGroup.shutdownGracefully();
    }
}
From source file:com.flysoloing.learning.network.netty.http2.helloworld.multiplex.server.Http2Server.java
License:Apache License
/**
 * Starts the HTTP/2 example server and blocks until its channel is closed.
 *
 * <p>With {@code SSL} enabled, the server presents a certificate generated at startup by
 * {@code SelfSignedCertificate}. Clients cannot validate it against a trusted CA, so this
 * setup is for demos and local testing only.
 *
 * @param args unused
 * @throws Exception if TLS setup, binding, or waiting on the channel fails
 */
public static void main(String[] args) throws Exception {
    // Configure SSL.
    final SslContext sslCtx;
    if (SSL) {
        // OpenSSL is chosen only when it supports ALPN, which HTTP/2 over TLS requires.
        SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
        SelfSignedCertificate selfSigned = new SelfSignedCertificate();

        ApplicationProtocolConfig alpn = new ApplicationProtocolConfig(
                Protocol.ALPN,
                // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
                SelectorFailureBehavior.NO_ADVERTISE,
                // ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
                SelectedListenerFailureBehavior.ACCEPT,
                ApplicationProtocolNames.HTTP_2,
                ApplicationProtocolNames.HTTP_1_1);

        sslCtx = SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(provider)
                /* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
                 * Please refer to the HTTP/2 specification for cipher requirements. */
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .applicationProtocolConfig(alpn)
                .build();
    } else {
        sslCtx = null;
    }

    // Configure the server.
    EventLoopGroup group = new NioEventLoopGroup();
    try {
        ServerBootstrap bootstrap = new ServerBootstrap();
        bootstrap.option(ChannelOption.SO_BACKLOG, 1024)
                .group(group)
                .channel(NioServerSocketChannel.class)
                .handler(new LoggingHandler(LogLevel.INFO))
                .childHandler(new Http2ServerInitializer(sslCtx));

        Channel serverChannel = bootstrap.bind(PORT).sync().channel();

        String scheme = SSL ? "https" : "http";
        System.err.println("Open your HTTP/2-enabled web browser and navigate to " + scheme + "://127.0.0.1:" + PORT + '/');

        serverChannel.closeFuture().sync();
    } finally {
        group.shutdownGracefully();
    }
}
From source file:com.foilen.smalltools.net.netty.NettyClient.java
License:Open Source License
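/**
 * Connects to {@code hostname:port}, adding a TLS handler when trust or key material is
 * supplied, followed by the caller's channel handlers.
 *
 * <p>TLS is enabled when either {@code trustedCertificates} or {@code certificate} is
 * non-null, using the JDK provider. A {@code null} trust manager factory is passed through
 * to Netty unchanged; per Netty's documentation that means the platform default trust
 * store is used, so supplying only a client certificate still validates the server.
 *
 * <p>NOTE(review): the TLS handler is created without the peer host and port, and no
 * endpoint identification algorithm is set in this method, so the server certificate's
 * host name does not appear to be checked. Confirm that the supplied trusted certificates
 * are narrow enough to make that acceptable.
 *
 * @param hostname                 remote host name or address
 * @param port                     remote port
 * @param trustedCertificates      certificates to trust, or {@code null}
 * @param certificate              client certificate and key, or {@code null}
 * @param channelHandlerContainers handler classes (with constructor arguments) appended to
 *                                 the pipeline in list order
 * @throws SmallToolsException if the calling thread is interrupted while connecting
 */
public void connect(String hostname, int port, final RSATrustedCertificates trustedCertificates,
        final RSACertificate certificate, final List<ChannelHandlerContainer> channelHandlerContainers) {

    AssertTools.assertNull(channel, "Client is already connected");

    try {
        Bootstrap bootstrap = new Bootstrap();
        bootstrap.group(NettyCommon.EVENT_LOOP_GROUP);
        bootstrap.channel(NioSocketChannel.class);
        bootstrap.option(ChannelOption.SO_KEEPALIVE, true);
        bootstrap.handler(new ChannelInitializer<SocketChannel>() {

            @Override
            public void initChannel(SocketChannel socketChannel) throws Exception {

                // Add sslCtx if needed
                if (trustedCertificates != null || certificate != null) {
                    TrustManagerFactory trustManagerFactory = trustedCertificates == null ? null
                            : RSATools.createTrustManagerFactory(trustedCertificates);
                    KeyManagerFactory keyManagerFactory = certificate == null ? null
                            : RSATools.createKeyManagerFactory(certificate);

                    // No explicit cipher list is passed, so the provider's defaults apply.
                    CipherSuiteFilter cipherFilter = IdentityCipherSuiteFilter.INSTANCE;
                    SslContext sslCtx = SslContext.newClientContext(SslProvider.JDK, null, trustManagerFactory,
                            null, null, null, keyManagerFactory, null, cipherFilter, null, 0, 0);

                    // The TLS handler goes first so every other handler sees decrypted data.
                    socketChannel.pipeline().addLast(sslCtx.newHandler(socketChannel.alloc()));
                }

                // Add the channel handlers
                // Handler classes are instantiated reflectively; presumably the containers
                // come from trusted application code, not from external input.
                for (ChannelHandlerContainer channelHandlerContainer : channelHandlerContainers) {
                    socketChannel.pipeline().addLast(ReflectionTools.instantiate(
                            channelHandlerContainer.getChannelHandlerClass(),
                            channelHandlerContainer.getConstructorParams()));
                }
            }
        });

        logger.info("Connecting to {}:{}", hostname, port);
        channel = bootstrap.connect(hostname, port).sync().channel();
    } catch (InterruptedException e) {
        // Restore the interrupt flag: the exception thrown below is not an
        // InterruptedException, so callers up the stack would otherwise never learn
        // that this thread was asked to stop.
        Thread.currentThread().interrupt();
        logger.info("Connection to {}:{} was interrupted while being created", hostname, port);
        throw new SmallToolsException("Connection was interrupted");
    }
}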